Online malware defense using attack behavior model

Sanjeev Das, Hao Xiao, Yang Liu, Wei Zhang
DOI: 10.1109/ISCAS.2016.7527492 (https://doi.org/10.1109/ISCAS.2016.7527492)
Venue: 2016 IEEE International Symposium on Circuits and Systems (ISCAS), pp. 1322-1325
Publication date: 2016-05-22
Record source: Semanticscholar
Citation count: 14

Abstract

Online malware defense using attack behavior model
Malware detection is one central topic in cybersecurity, which ideally requires an accurate, efficient and robust (to malware variants) solution. In this work, we propose a hardware-assisted architecture to perform online malware detection with two phases. In the offline phase, we learn the attack model of malware in the form of a Deterministic Finite Automaton (DFA). During the runtime phase, we implement a DFA-based detection approach in hardware to check whether a program's execution contains the malicious behavior specified in the DFA. We evaluate our method using real-world data of 168 Linux malware samples and 370 benign applications. The results show that our DFA-based approach can recognize malware variants of the same family, with the potential to detect zero-day attacks. Implemented in hardware, our architecture offers real-time detection with low performance and resource overhead, and more importantly, it cannot be bypassed by malware using sophisticated evasion techniques.